In January 2023, PrivateLoader, a malware loader from a pay-per-install malware distribution service called “ruzki”, started to distribute Tofsee (a.k.a. Gheg), a modular spambot. Spambots are typically utilized by cybercriminals to spread malware and phishing emails, and this particular one has been in operation since at least 2008.

Recently, we discussed the most effective cybersecurity frameworks to reduce the risk of cyber threats. One of the most important systems is the Federal Information Security Management Act (FISMA). This act applies to certain organizations, and is imperative to help protect them against data breaches. Let’s take a look at four things to know about FISMA, from what it is to how to monitor FISMA compliance.

The other week, BitSight published research identifying thousands of organizations using internet-facing and exposed webcams with many video and audio feeds susceptible to spying. The potential consequences are serious – an attacker could potentially view private activities and eavesdrop on sensitive conversations, presenting a variety of privacy and security concerns. Below are some of the screenshots BitSight captured from exposed devices (blurred for privacy).

The more technology your organization adopts, the more exposed it becomes to third-party risks. Consider these statistics: Organizations have responded to these risks by implementing robust third-party risk assessment procedures. However, a common mistake is to view vendor risk management as a one-time activity, typically conducted prior to onboarding a new vendor. Since third-party risks are constantly evolving, it's crucial to evaluate vendor security at every phase of the vendor lifecycle.